More than just a degree
Our team
Mehmet Kutlay Kocer is an Adjunct lecturer for Programming and IT Security at Campus Innovation Hub of the University of Europe for Applied Sciences. More Information here.
Mehmet Kutlay Kocer
Field of Expertise: Programming and IT Security
Campus: Innovation Hub
Office Hours: By Appointment
Mehmet Kutlay Kocer received his B.Sc. in Computer Engineering from TOBB ETU in 2016 and MBA in Management and Business Strategy in 2020. His professional experience includes global roles in offensive cybersecurity and internal audits. He currently serves as a Staff Information Security Engineer, and Cybersecurity Audits Manager at Tesla. Additionally, he is a lecturer at the University of UE, where he teaches IT Security and Programming to B.Sc. students.
11/2020 - Present
Staff Information Security Engineer, Global Lead Cybersecurity Advisory and Assurance Internal Audit Tesla Inc. Berlin Germany
As part of Internal Audit Team, I am leading the cybersecurity efforts for the Internal Audit team by assessing and providing information security solutions to strengthen Tesla’s cybersecurity posture in the following areas: vehicle firmware and hardware, data privacy and intellectual property protection, ICS/SCADA security (Giga factories), infrastructure and cloud environments, and on the application development processes.
Responsibilities include, but are not limited to:
· Strategic Planning: Develop and execute a strategic cybersecurity plan aligned with the organisation’s objectives, ensuring proactive measures are in place to mitigate risks.
· Enterprise Risk Assessments: Lead comprehensive risk assessments to identify, evaluate, and prioritise cybersecurity risks across the organisation’s systems, networks, and processes.
· Penetration Testing & Vulnerability Assessments: Oversee the execution of penetration tests and vulnerability assessments to identify weaknesses in the security infrastructure and applications, ensuring timely remediation.
· Security Audits & Compliance: Conduct audits to assess compliance with cybersecurity policies, industry standards, and regulatory requirements, providing guidance to ensure adherence and proposing necessary improvements.
· Team Leadership & Training: Manage and mentor a team of cybersecurity professionals, fostering their growth, providing guidance, and organising relevant training programs to enhance skills and knowledge.
· Technology Evaluation & Implementation: Evaluate emerging technologies, tools, and frameworks to enhance cybersecurity capabilities, overseeing their implementation and integration into existing systems.
· Stakeholder Communication: Effectively communicate cybersecurity risks, strategies, and recommendations to stakeholders at all levels, including executives and the board, facilitating informed decision-making.
· Continuous Improvement & Innovation: Drive continuous improvement initiatives by staying updated with industry trends, fostering innovation in cybersecurity approaches, and refining processes for greater efficiency and effectiveness.
· Collaboration & Partnerships: Foster collaborations with external cybersecurity experts, industry peers, and government bodies to stay informed about evolving threats, best practices, and regulatory changes.
12/2019 – 11/2020
Red Team Engineer, Tech Data GmbH Co. OHG IT-Security
Munich Germany
Responsibilities include, but are not limited to:
· Performing full scope Adversarial Simulation/Red Team assessments.
· Using known tactics, techniques, and procedures (TTP) to emulate attack scenarios.
· Conducting penetration testing against internal infrastructure, cloud environments and applications.
· Researching emerging threats, disclosed vulnerabilities and cyber intelligence information.
· Performing security and compliance assessments.
· Conducting threat modeling and code security audits.
· Performing malware analysis.
· Planning and managing red team and pentest engagements to be executed by external partners.
· Investigating opportunities to update security processes to sustain and enhance network and system security detection and protection capabilities.
· Conducting technical briefings with Tech Data peers across Information Security.
· Providing programmatic and operational briefings and recommendations to the Tech Data Management.
10/2018 – 12/2019
Senior Penetration Tester/ Cybersecurity Consultant, TÜV SÜD AG BU Cyber Security Services, Munich Germany
Responsibilities include, but are not limited to:
· Web and Mobile Application Penetration Tests
· Internal, External Network Penetration Tests
· Wireless Penetration Tests
· Red Teaming Assessments
· Risk Assessments
· ICS Security Audits
· IOT Security Audits
- Smart home devices, medical devices, smart locks
· TUEV SUED AS - Autonomous Vehicle Technology, AD Standards
04/2016 – 10/2018
Penetration Tester Barikat Internet Security, Barikat Security Analysis, Testing and Compliance Services Unit, Ankara Turkey
Responsibilities include, but are not limited to:
· Conducting cybersecurity audits on Internet, networks, and web-based applications.
· Conducting ICS penetration tests and cyber security audits
- Oil and gas infrastructure, steel, and coil energy infrastructure: DCS
systems, RTU systems, PLCs, FSRU infrastructure, HMIs
· Performing IOT cybersecurity audits.
- Smart electricity meters
- Smart locks
· Conducting social engineering tests.
· Conducting wireless penetration tests.
· Conducting DDoS tests and load tests for availability assessment.
· Conducting code security audits.
· Conducting Red teaming Assessments
Staff Information Security Engineer, Global Lead Cybersecurity Advisory and Assurance Internal Audit Tesla Inc. Berlin Germany
As part of Internal Audit Team, I am leading the cybersecurity efforts for the Internal Audit team by assessing and providing information security solutions to strengthen Tesla’s cybersecurity posture in the following areas: vehicle firmware and hardware, data privacy and intellectual property protection, ICS/SCADA security (Giga factories), infrastructure and cloud environments, and on the application development processes.
Responsibilities include, but are not limited to:
· Strategic Planning: Develop and execute a strategic cybersecurity plan aligned with the organisation’s objectives, ensuring proactive measures are in place to mitigate risks.
· Enterprise Risk Assessments: Lead comprehensive risk assessments to identify, evaluate, and prioritise cybersecurity risks across the organisation’s systems, networks, and processes.
· Penetration Testing & Vulnerability Assessments: Oversee the execution of penetration tests and vulnerability assessments to identify weaknesses in the security infrastructure and applications, ensuring timely remediation.
· Security Audits & Compliance: Conduct audits to assess compliance with cybersecurity policies, industry standards, and regulatory requirements, providing guidance to ensure adherence and proposing necessary improvements.
· Team Leadership & Training: Manage and mentor a team of cybersecurity professionals, fostering their growth, providing guidance, and organising relevant training programs to enhance skills and knowledge.
· Technology Evaluation & Implementation: Evaluate emerging technologies, tools, and frameworks to enhance cybersecurity capabilities, overseeing their implementation and integration into existing systems.
· Stakeholder Communication: Effectively communicate cybersecurity risks, strategies, and recommendations to stakeholders at all levels, including executives and the board, facilitating informed decision-making.
· Continuous Improvement & Innovation: Drive continuous improvement initiatives by staying updated with industry trends, fostering innovation in cybersecurity approaches, and refining processes for greater efficiency and effectiveness.
· Collaboration & Partnerships: Foster collaborations with external cybersecurity experts, industry peers, and government bodies to stay informed about evolving threats, best practices, and regulatory changes.
12/2019 – 11/2020
Red Team Engineer, Tech Data GmbH Co. OHG IT-Security
Munich Germany
Responsibilities include, but are not limited to:
· Performing full scope Adversarial Simulation/Red Team assessments.
· Using known tactics, techniques, and procedures (TTP) to emulate attack scenarios.
· Conducting penetration testing against internal infrastructure, cloud environments and applications.
· Researching emerging threats, disclosed vulnerabilities and cyber intelligence information.
· Performing security and compliance assessments.
· Conducting threat modeling and code security audits.
· Performing malware analysis.
· Planning and managing red team and pentest engagements to be executed by external partners.
· Investigating opportunities to update security processes to sustain and enhance network and system security detection and protection capabilities.
· Conducting technical briefings with Tech Data peers across Information Security.
· Providing programmatic and operational briefings and recommendations to the Tech Data Management.
10/2018 – 12/2019
Senior Penetration Tester/ Cybersecurity Consultant, TÜV SÜD AG BU Cyber Security Services, Munich Germany
Responsibilities include, but are not limited to:
· Web and Mobile Application Penetration Tests
· Internal, External Network Penetration Tests
· Wireless Penetration Tests
· Red Teaming Assessments
· Risk Assessments
· ICS Security Audits
· IOT Security Audits
- Smart home devices, medical devices, smart locks
· TUEV SUED AS - Autonomous Vehicle Technology, AD Standards
04/2016 – 10/2018
Penetration Tester Barikat Internet Security, Barikat Security Analysis, Testing and Compliance Services Unit, Ankara Turkey
Responsibilities include, but are not limited to:
· Conducting cybersecurity audits on Internet, networks, and web-based applications.
· Conducting ICS penetration tests and cyber security audits
- Oil and gas infrastructure, steel, and coil energy infrastructure: DCS
systems, RTU systems, PLCs, FSRU infrastructure, HMIs
· Performing IOT cybersecurity audits.
- Smart electricity meters
- Smart locks
· Conducting social engineering tests.
· Conducting wireless penetration tests.
· Conducting DDoS tests and load tests for availability assessment.
· Conducting code security audits.
· Conducting Red teaming Assessments
Offensive cybersecurity techniques
Secure systems architecture
Programming and software resilience
Secure communication protocols
Blockchain and cryptocurrency protocols
Secure systems architecture
Programming and software resilience
Secure communication protocols
Blockchain and cryptocurrency protocols